#VU87522 Input validation error in Cisco Systems, Inc products - CVE-2024-20318
Published: March 14, 2024
Vulnerability identifier: #VU87522
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20318
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
IOS XRd vRouter
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
Cisco ASR 9006 Router
Cisco ASR 9010 Router
Cisco ASR 9901 Router
Cisco ASR 9902 Router
Cisco ASR 9903 Router
Cisco ASR 9904 Router
Cisco ASR 9906 Router
Cisco ASR 9910 Router
Cisco ASR 9912 Router
Cisco ASR 9922 Router
Cisco IOS XR
IOS XRd vRouter
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
Cisco ASR 9006 Router
Cisco ASR 9010 Router
Cisco ASR 9901 Router
Cisco ASR 9902 Router
Cisco ASR 9903 Router
Cisco ASR 9904 Router
Cisco ASR 9906 Router
Cisco ASR 9910 Router
Cisco ASR 9912 Router
Cisco ASR 9922 Router
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Layer 2 Ethernet services. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.